» unins000.exe
Overview
Analysis
File Details
Behaviors (1)

unins000.exe

The executable unins000.exe has been detected as malware by 35 anti-virus scanners. This is the uninstaller utility registered in the Windows Control Panel for the program SMADAV version 11.2 by Smadsoft. This virus which infects .exe files stops various security software and prevents some core Windows utilities from running. It also tries to download other files from a remote server, including other malware.

File name:

unins000.exe

Description:

Setup/Uninstall

Version:

51.1052.0.0

MD5:

8d55ba15d076e1919667c67c6f90a691

SHA-1:

80dab963caf1c77365eb540e88f65f410c4a5eb2

SHA-256:

d6273bac3cac6392fcd860fc3a93f95ed68685114bceac786e9ea68312a41307

Scanner detections:

35 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/1/2025 8:22:30 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Sality.3

-40

AhnLab V3 Security

Win32/Kashu.E

3.8.3.16

Avira AntiVirus

W32/Sality.AG

8.3.3.4

Arcabit

Win32.Sality.3

1.0.0.802

avast!

Win32:SaliCode

2014.9-170315

AVG

Win32/Sality

2018.0.2438

Baidu Antivirus

Win32.Virus.Sality

4.0.3.17315

Bitdefender

Win32.Sality.3

1.0.20.370

Bkav FE

W32.Sality.PE

1.3.0.8876

Comodo Security

Virus.Win32.Sality.gen

26759

Dr.Web

Win32.Sector.30

9.0.1.074

Emsisoft Anti-Malware

Win32.Sality

8.17.03.15.05

ESET NOD32

Win32/Sality.NBA

11.15092

F-Prot

W32/Sality.gen2

v6.4.7.1.166

F-Secure

Win32.Sality.3

11.2017-15-03_4

G Data

Win32.Virus.Sality

17.3.A:25.11192B:25.9090

IKARUS anti.virus

Virus.Win32.Sality

0.2.1.2

K7 AntiVirus

Virus

13.10.6.22727

Kaspersky

Virus.Win32.Sality

14.0.0.-1314

McAfee

W32/Sality.gen.z

5600.6094

Microsoft Security Essentials

Virus:Win32/Sality.AT

1.1.13504.0

MicroWorld eScan

Win32.Sality.3

18.0.0.222

NANO AntiVirus

Virus.Win32.Sality.yusp

1.0.70.15657

nProtect

Virus/W32.Sality.D

17.03.15.02

Qihoo 360 Security

Virus.Win32.Sality.I

1.0.0.1120

Quick Heal

W32.Sality.U

3.17.14.00

Rising Antivirus

Win32.KUKU.kt (classic)

23.00.65.17313

Sophos

Mal/Sality-D

4.98

Total Defense

Win32/Sality.AA

37.1.62.1

Trend Micro House Call

PE_SALITY.RL

7.2.74

Trend Micro

PE_SALITY.RL

10.465.15

Vba32 AntiVirus

Virus.Win32.Sality.bakb

3.12.26.4

VIPRE Antivirus

Virus.Win32.Sality.at

56666

ViRobot

Win32.Sality.Gen.A[h]

2014.3.20.0

Zillya! Antivirus

Virus.Sality.Win32.25

2.0.0.3232

File size:

1.2 MB (1,291,977 bytes)

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\smadav\unins000.exe

File PE Metadata

Compilation timestamp:

10/13/2013 10:19:33 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xFF004

Entry point:

60, BE, A7, 95, 83, 35, 8D, 3D, 78, 5F, A4, AD, 8A, E5, 14, A3, 31, F7, 00, D3, BE, 50, 62, BB, BB, 4E, 52, 68, 07, 26, E7, 00, 0F, AF, F6, 85, F2, E8, 32, 00, 00, 00, 23, D6, FE, C3, F3, 88, D9, FF, C2, 8D, 35, 58, CC, 0C, 32, 8D, 1D, FC, 4C, F5, 85, 42, 50, 87, DB, 33, C3, 0F, AF, C8, 5F, 81, EE, 62, BC, 14, 50, 89, C8, C7, C2, DC, 45, 1D, 85, 8B, EF, C6, C1, 21, 5E, F2, 0F, AF, C2, F7, C0, ED, BE, 19, CA, 8D, 1D, 0C, 4D, B7, 43, 81, FD, FC, 12, 00, 00, 70, 08, 81, E9, 66, 5C, E6, 1F, 85, C1, 81, C8, 99... 
[+]

Entropy:

6.5268

Code size:

1015 KB (1,039,360 bytes)

Program Uninstaller

Program name:

SMADAV version 11.2

Display publisher:

Smadsoft

Display version:

11.2

Uninstall string:

"C:\Program Files\SMADAV\unins000.exe"

Remove unins000.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.